authorSimon Rettberg2013-10-28 18:29:29 +0100
committerSimon Rettberg2013-10-28 18:29:29 +0100
commit160880836462e277c77427e71a2ba97a2ad17184 (patch)
tree656a2199846bb762c91fdfdebe30c54fd36b21c4 /inc
parentShow different content on main page depending on logged in/guest status (diff)
DB-Support, add user functionality
Diffstat (limited to 'inc')
-rw-r--r--inc/db.inc.php54
-rw-r--r--inc/message.inc.php15
-rw-r--r--inc/session.inc.php6
-rw-r--r--inc/user.inc.php25
4 files changed, 85 insertions, 15 deletions
diff --git a/inc/db.inc.php b/inc/db.inc.php
new file mode 100644
index 00000000..09341a07
--- /dev/null
+++ b/inc/db.inc.php
@@ -0,0 +1,54 @@
+<?php
+
+class Database
+{
+ private static $dbh = false;
+ private static $statements = array();
+
+ public static function init()
+ {
+ if (self::$dbh !== false) return;
+ try {
+ self::$dbh = new PDO(CONFIG_SQL_DSN, CONFIG_SQL_USER, CONFIG_SQL_PASS, array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
+ } catch (PDOException $e) {
+ Util::traceError('Connecting to the local database failed: ' . $e->getMessage());
+ }
+ }
+
+ public static function queryFirst($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->fetch(PDO::FETCH_ASSOC);
+ }
+
+ public static function exec($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->rowCount();
+ }
+
+ public static function simpleQuery($query, $args = array())
+ {
+ self::init();
+ //if (empty($args)) Util::traceError('Query with zero arguments!');
+ if (!isset(self::$statements[$query])) {
+ self::$statements[$query] = self::$dbh->prepare($query);
+ } else {
+ self::$statements[$query]->closeCursor();
+ }
+ if (self::$statements[$query]->execute($args) === false) {
+ Util::traceError("Database Error: \n" . implode("\n", self::$statements[$query]->errorInfo()));
+ }
+ return self::$statements[$query];
+ }
+
+ public static function prepare($query)
+ {
+ self:init();
+ return self::$dbh->prepare($query);
+ }
+
+}
+
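Review bot: `self:init();` in prepare() is a typo for `self::init();` — PHP parses `self:` as a goto label and then calls a global `init()` function that does not exist, so the first call to Database::prepare() dies with an undefined-function fatal before any statement is prepared; change the line to `self::init();`. A second gap is in simpleQuery(): no `PDO::ATTR_ERRMODE` is set, and before PHP 8.0 the default is silent mode, so a `$dbh->prepare()` that fails (bad SQL) returns false and the following `->closeCursor()` / `->execute()` on false is a fatal error instead of reaching the Util::traceError() path; adding `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` to the constructor options array makes both failures land in one handler. The connection failure message handed to Util::traceError() embeds `$e->getMessage()`, which for PDO can include host and user details, so whatever traceError() renders should not be shown to unauthenticated clients — that cannot be confirmed from this hunk.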
diff --git a/inc/message.inc.php b/inc/message.inc.php
index 238ed939..b24bf2a1 100644
--- a/inc/message.inc.php
+++ b/inc/message.inc.php
@@ -2,13 +2,18 @@
// TODO: Move to extra file
$error_text = array(
- 'loginfail' => 'Benutzername oder Kennwort falsch',
- 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'loginfail' => 'Benutzername oder Kennwort falsch',
+ 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'adduser-disabled' => 'Keine ausreichenden Rechte, um weitere Benutzer hinzuzufügen',
+ 'password-mismatch' => 'Passwort und Passwortbestätigung stimmen nicht überein',
+ 'empty-field' => 'Ein benötigtes Feld wurde nicht ausgefüllt',
+ 'adduser-success' => 'Benutzer erfolgreich hinzugefügt',
);
class Message
{
private static $list = array();
+ private static $flushed = false;
public static function addError($id)
{
@@ -16,6 +21,7 @@ class Message
'type' => 'error',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
public static function addWarning($id)
@@ -24,6 +30,7 @@ class Message
'type' => 'warning',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
public static function addInfo($id)
@@ -32,6 +39,7 @@ class Message
'type' => 'info',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
public static function addSuccess($id)
@@ -40,6 +48,7 @@ class Message
'type' => 'success',
'id' => $id
);
+ if (self::$flushed) self::renderList();
}
public static function renderList()
@@ -48,6 +57,8 @@ class Message
foreach (self::$list as $item) {
Render::addTemplate('messagebox-' . $item['type'], array('message' => $error_text[$item['id']]));
}
+ self::$list = array();
+ self::$flushed = true;
}
}
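Review bot: renderList() indexes `$error_text[$item['id']]` without checking that the key exists, so a message id missing from the table (a typo in a caller, which the new free-form ids like 'adduser-disabled' make easier) raises an undefined-index notice and renders an empty message box; guard it, e.g. `$text = isset($error_text[$item['id']]) ? $error_text[$item['id']] : $item['id'];` and pass `$text` to Render::addTemplate(). Now that the list is re-rendered on every add* call once `self::$flushed` is set (the four one-line additions above), such a notice would appear mid-page rather than once at the top. renderList() starts outside this hunk, so whether `$error_text` is brought into scope with `global` is not visible here.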
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 4b4d4139..402e6cd9 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -19,19 +19,21 @@ class Session
. $_SERVER['REMOTE_ADDR']
. mt_rand(0, 65535)
. $_SERVER['REMOTE_PORT']
+ . mt_rand(0, 65535)
. $_SERVER['HTTP_USER_AGENT']
+ . mt_rand(0, 65535)
. microtime(true)
. mt_rand(0, 65535)
);
}
- public static function createSession()
+ public static function create()
{
self::generateSessionId();
self::$data = array();
}
- public static function loadSession()
+ public static function load()
{
// Try to load session id from cookie
if (!self::loadSessionId()) return false;
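Review bot: The two extra `mt_rand(0, 65535)` terms added to the session-id material do not make the id unpredictable, because mt_rand() is not a cryptographically secure generator and the other inputs (REMOTE_ADDR, REMOTE_PORT, HTTP_USER_AGENT, microtime) are low-entropy or known to the client; a session id should be drawn from the OS CSPRNG instead, e.g. `bin2hex(random_bytes(32))` on PHP 7+ (or `bin2hex(openssl_random_pseudo_bytes(32))` on the PHP contemporary with this commit), replacing the concatenation rather than extending it. generateSessionId() begins before the hunk, so the hash call wrapping this expression is not visible here. The createSession()→create() and loadSession()→load() renames are fine; the caller in inc/user.inc.php is updated in the same commit.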
diff --git a/inc/user.inc.php b/inc/user.inc.php
index f10a4f65..b988bbeb 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -14,13 +14,16 @@ class User
public static function getName()
{
if (self::$user === false) return false;
- return self::$user['name'];
+ return self::$user['fullname'];
}
public static function load()
{
- if (Session::loadSession()) {
- self::$user['name'] = 'Hans';
+ if (Session::load()) {
+ $uid = Session::get('uid');
+ if ($uid === false || $uid < 1) self::logout();
+ self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
+ if (self::$user === false) self::logout();
return true;
}
return false;
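Review bot: load() still returns true after it has decided the session is invalid: when `$uid` is false or below 1, or when `Database::queryFirst()` returns false, `self::logout()` is called but execution falls through to `return true;`, so unless logout() terminates the request (its body is outside this hunk) the caller treats the request as authenticated while `self::$user === false`, and for a bad `$uid` the lookup query is still executed with it. Return immediately after each logout, e.g. `if ($uid === false || $uid < 1) { self::logout(); return false; }` and the same after the query. Separately, `SELECT * FROM user` copies the `passwd` hash into `self::$user`, which every consumer of the user record then carries around; select only the columns the application needs. load() is fully inside this hunk; the login() hunk below is cut off at the end of the page and is not reviewed here.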
@@ -28,14 +31,14 @@ class User
public static function login($user, $pass)
{
- if ($user == 'test' && $pass == 'test') {
- Session::createSession();;
- Session::set('uid', 1);
- Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
- Session::save();
- return true;
- }
- return false;
+ $ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+ if ($ret === false) return false;
+ if (crypt($pass, $ret['passwd']) !== $ret['passwd']) return false;
+ Session::create();
+ Session::set('uid', $ret['userid']);
+ Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
+ Session::save();
+ return true;
}
public static function logout()